/dev/rob0:
> On Sat, Jul 20, 2013 at 05:18:58PM -0400, Wietse Venema wrote:
> > /dev/rob0:
> > > The doubt in my mind about this is for mail truly destined to
> > > our hosted domains. It resolves to an Internet (not an internal)
> > > IP address which is in the MX instance's proxy_interfaces
> > > setting. We're in a DC and behind NAT, with that Internet IP
> > > address being NATed to this host.
> > >
> > > They don't have "hairpin NAT" set up, whereby if I try to connect
> > > to this NATed IP address it would go to the router and come back
> > > to me. I'm fine with that, actually; while that would solve the
> > > instant problem, it could be bad in other ways.
> >
> > An MTA should never connect to its own MTA address and port.
>
> Thanks for the reply.
>
> So how can I deliver mail from our users to our hosted domains? It's

You send it to the public IP address just like everyone else.

If you are sending mail from the inside of the same NAT, and the
NAT cannot handle connections from inside to the public IP address,
then use a private DNS that hands out private IP addresses to internal
clients, and that forwards all other queries to the Internet.

	Wietse
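
The private DNS arrangement described in the reply above, sketched as an Unbound resolver configuration. This is an added example, not part of the original thread: the choice of Unbound, the host name mail.example.com, and every address shown are assumptions and placeholders.

```conf
# unbound.conf for an internal-only resolver (added example, not from the thread).
# All names and addresses below are placeholders:
#   mail.example.com  MX host of the hosted domains
#   10.0.0.25         private address of the MX instance behind the NAT
#   10.0.0.53         address this resolver listens on
#   192.0.2.53        upstream resolver that can reach the Internet

server:
    # Listen only on the inside network and answer only internal clients,
    # so the private answer is never handed to anyone outside the NAT.
    interface: 10.0.0.53
    access-control: 0.0.0.0/0 refuse
    access-control: 10.0.0.0/8 allow

    # Internal clients get the private address for the MX host. The MX
    # record itself is untouched and still comes from the public zone;
    # only the address lookup for the MX host is answered locally.
    local-data: "mail.example.com. IN A 10.0.0.25"

# Every other query is forwarded toward the Internet.
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
```

Only hosts that use this resolver see the private address, so the sending system inside the NAT must be pointed at it; external senders continue to resolve the public IP address from the public DNS.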